power up certbot to be able to issue certificates to multiple domains with dry-run capabilities

certbot/Dockerfile

@@ -1,6 +1,7 @@
 FROM phusion/baseimage:bionic-1.0.0
 
-LABEL maintainer="Mahmoud Zalt <mahmoud@zalt.me>"
+LABEL maintainer="Nyongesa Ignatius <ignatius.freelancer@gmail.com>"
+LABEL website="Bytedots Technologies <https://bytedots.com>"
 
 COPY run-certbot.sh /root/certbot/run-certbot.sh
 

certbot/run-certbot.sh

@@ -1,9 +1,58 @@
 #!/bin/bash
 
-letsencrypt certonly --webroot -w /var/www/letsencrypt -d "$CN" --agree-tos --email "$EMAIL" --non-interactive --text
+#-----------------------------------------------------------------------
+#STEP 1) make vars 
 
-cp /etc/letsencrypt/archive/"$CN"/cert1.pem /var/certs/"$CN"-cert1.pem
-cp /etc/letsencrypt/archive/"$CN"/chain1.pem /var/certs/chain1.pem
-cp /etc/letsencrypt/archive/"$CN"/fullchain1.pem /var/certs/fullchain1.pem
-cp /etc/letsencrypt/archive/"$CN"/privkey1.pem /var/certs/"$CN"-privkey1.pem
+#clean environment variables (stripping off redundant quotes if any)
+environment="${ENV%\"}"
+environment="${environment#\"}"
+
+#clean email address (stripping off redundant quotes if any)
+email="${EMAIL%\"}"
+email="${email#\"}"
+
+#clean domain names (stripping off redundant quotes if any)
+domains="${CN%\"}"
+domains="${domains#\"}"
+
+
+CONTACT="$email"
+DOMAINS="$domains"
+
+echo "EMAIL: $CONTACT"
+echo "DOMAINS: $DOMAINS"
+#-----------------------------------------------------------------------
+
+#-----------------------------------------------------------------------
+#STEP 2) get ssl certificates
+printf "MAKING SSL CERTIFICATE FOR \n"
+set -f
+array=(${DOMAINS//,/ })
+for i in "${!array[@]}"
+do
+    echo "$i=>${array[i]} and www.${array[i]}"
+    TLD="${array[i]}"
+    domain="${TLD%\"}"
+    domain="${domain#\"}"
+
+    if [[ "$environment" == "production" ]]; then
+        #for production    
+        letsencrypt certonly --webroot -w /var/www/letsencrypt -d $domain -d "www."$domain  --agree-tos --email $CONTACT --non-interactive --text
+
+        echo "copying certificates to server..."
+
+        #copy live certs if any
+        mkdir -p "/var/certs/$domain" && cp "/etc/letsencrypt/live/$domain/cert.pem"      $_
+        mkdir -p "/var/certs/$domain" && cp "/etc/letsencrypt/live/$domain/chain.pem"     $_
+        mkdir -p "/var/certs/$domain" && cp "/etc/letsencrypt/live/$domain/fullchain.pem" $_
+        mkdir -p "/var/certs/$domain" && cp "/etc/letsencrypt/live/$domain/privkey.pem"   $_
+
+    else
+        #for testing
+        letsencrypt certonly --webroot -w /var/www/letsencrypt -d $domain -d "www."$domain  --agree-tos --email $CONTACT --non-interactive --text --dry-run
+    fi
+done
+#-----------------------------------------------------------------------
+echo "certbot execution at 100%...."
+#-----------------------------------------------------------------------
 

docker-compose.yml

@@ -443,6 +443,8 @@ services:
         - ${NGINX_HOST_LOG_PATH}:/var/log/nginx
         - ${NGINX_SITES_PATH}:/etc/nginx/sites-available
         - ${NGINX_SSL_PATH}:/etc/nginx/ssl
+        - ./data/certbot/certs/:/var/certs
+        - ./certbot/letsencrypt/:/var/www/letsencrypt
       ports:
         - "${NGINX_HOST_HTTP_PORT}:80"
         - "${NGINX_HOST_HTTPS_PORT}:443"
@@ -1149,7 +1151,8 @@ services:
         - ./data/certbot/certs/:/var/certs
         - ./certbot/letsencrypt/:/var/www/letsencrypt
       environment:
-        - CN="fake.domain.com"
+        - ENV=staging #change to 'production' to generate real certificates. 'staging' will by default dry run the request to prevent hitting rate limits during testing 
+        - CN="fake.domain.com,domain.com,domain1.com,domain2.com,domainX.com" #comma separated values of all the domains you wish to add ssl certificates on
         - EMAIL="fake.email@gmail.com"
       networks:
         - frontend